Privacy protection virus/will not run chkdsk on reboot/ windows update


This topic is locked.

#1 vizion5280 (Member, 12 posts)
My roommate went to the virus capital of the world, aka worldstarhiphop.com, on November 5. Privacy Protection virus!!! Since then I have tried everything from running my ESET to Malwarebytes (which won't update due to error code 732,0 0) to registry repair to deleting everything created on and since that date. I finally got past the blue screen by booting from the disc and running extended diagnostics. I managed to run OTL and save the logs, but aswMBR always freezes before completion. Furthermore, I disconnected the Ethernet cable so I would stop getting random messages about IP addresses being blocked. Despite this fact, it keeps saying that it downloaded the latest updates and to run Windows Update. I also have the Google redirect, but I don't dare browse the internet anyway. I'm writing this from my friend's computer. The plan is to get online just long enough to post the logs once I get some feedback about aswMBR. If that doesn't sound bad enough, it won't boot into Safe Mode (ignores my F8 press). Other than that everything is fine (sarcasm). I have a PowerPoint presentation due tomorrow. Please help!


#2 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Could you post the aswMBR log and the OTL logs please?

Download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 2 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.
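The OTL log that Essexboy asks for above is read by eye in this thread. As an added example that is not part of the original post, of OTL or of RogueKiller, the Python script below shows the kind of checks a helper applies to such a log: drivers in the Windows directory whose version resource carries no company name, Run values that point to a missing file or start a program from a user-writable path, a Winlogon Shell value other than Explorer.exe, non-default LSA Security Packages entries, BootExecute entries other than the stock autochk line (including a queued chkdsk, which is what the OP says never runs), and a missing hosts file. It runs offline over a constructed sample in OTL's line format; the sample partly copies entries from the log posted in this thread and partly invents lines to exercise the checks. The severity labels, the DEFAULT_LSA set and the USER_WRITABLE_RE path list are this example's own assumptions, not anything OTL itself reports.

```python
import re

# Constructed sample in OTL's line format. Several lines reproduce entries from the
# log posted in this thread; the "updater" Run value, the second Winlogon Shell line
# and the "kerberos" LSA line are invented to exercise the checks and describe no
# real machine.
SAMPLE_OTL = r"""
DRV - [2011/07/15 07:29:31 | 000,456,320 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\system32\drivers\mrxsmb.sys -- (MRxSmb)
DRV - [2009/09/11 08:23:50 | 000,108,792 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKU\S-1-5-20..\Run: [hemujewako] File not found
O4 - HKU\S-1-5-21-0000..\Run: [updater] C:\Documents and Settings\user\Local Settings\Application Data\xyz.exe ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe, C:\Documents and Settings\user\Application Data\svc.exe) - File not found
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (or) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (autocheck autochk /p \??\C:) - File not found
O34 - HKLM BootExecute: (SsiEfr.exe) - File not found
Hosts file not found
"""

# Line shapes as OTL prints them (regexes written for this example).
DRV_RE = re.compile(r"^DRV - \[[^\]]+\] \((?P<company>[^)]*)\) \[[^\]]+\] -- (?P<path>.+?) -- \((?P<svc>[^)]+)\)$")
RUN_RE = re.compile(r"^O4 - (?P<hive>.+?)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<target>.+)$")
SHELL_RE = re.compile(r"^O20 - HKLM Winlogon: Shell - \((?P<value>[^)]+)\)")
LSA_RE = re.compile(r"^O30 - LSA: Security Packages - \((?P<pkg>[^)]*)\)")
BOOTEXEC_RE = re.compile(r"^O34 - HKLM BootExecute: \((?P<cmd>[^)]+)\)")

# Assumed heuristics: where an autostart should not live, where a driver should
# carry a vendor string, and which LSA packages a stock XP/Vista/7 box loads.
USER_WRITABLE_RE = re.compile(
    r"\\(Documents and Settings|Users)\\[^\\]+\\(Application Data|Local Settings|AppData)\\|\\Temp\\|\\RECYCLER\\",
    re.IGNORECASE)
SYSTEM_DIR_RE = re.compile(r"^[A-Z]:\\WINDOWS\\", re.IGNORECASE)
DEFAULT_LSA = {"kerberos", "msv1_0", "schannel", "wdigest", "tspkg", "pku2u"}


def triage(log_text):
    """Return (severity, category, detail) tuples for OTL lines that deserve a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Hosts file not found":
            findings.append(("high", "hosts", "hosts file missing: restore a clean default and re-check the redirect"))
            continue
        m = DRV_RE.match(line)
        if m:
            if not m["company"] and SYSTEM_DIR_RE.match(m["path"]):
                findings.append(("medium", "driver", f"{m['path']}: no company string in a system-directory driver; compare with a known-good copy"))
            continue
        m = RUN_RE.match(line)
        if m:
            if m["target"] == "File not found":
                findings.append(("low", "autostart", f"{m['hive']} Run value '{m['name']}' points to a missing file; remove the orphan"))
            elif USER_WRITABLE_RE.search(m["target"]):
                findings.append(("high", "autostart", f"{m['hive']} Run value '{m['name']}' starts a program from a user-writable path: {m['target']}"))
            continue
        m = SHELL_RE.match(line)
        if m:
            if m["value"].strip().lower() != "explorer.exe":
                findings.append(("high", "winlogon", f"Winlogon Shell is '{m['value']}' instead of Explorer.exe"))
            continue
        m = LSA_RE.match(line)
        if m:
            if m["pkg"].strip().lower() not in DEFAULT_LSA:
                findings.append(("medium", "lsa", f"non-default LSA Security Packages entry '{m['pkg']}'"))
            continue
        m = BOOTEXEC_RE.match(line)
        if m:
            cmd = m["cmd"]
            if cmd == "autocheck autochk *":
                continue
            if cmd.startswith("autocheck autochk /p"):
                findings.append(("info", "bootexecute", f"chkdsk is queued for the next boot ({cmd}); note it if the check never completes"))
            else:
                findings.append(("medium", "bootexecute", f"non-default BootExecute entry '{cmd}': identify its owner before removing it"))
    return findings


if __name__ == "__main__":
    for severity, category, detail in triage(SAMPLE_OTL):
        print(f"[{severity:<6}] {category:<12} {detail}")
```

Everything this script reports is a lead, not a verdict: a driver without a company string is compared against a known-good file before anything is deleted, and an orphaned Run value is cleaned up because it is clutter, not because it is proof of infection.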

#3 vizion5280 (Topic Starter, Member, 12 posts)
Hello again. After a lengthy battle I have managed to boot and complete the scans. I have attached ESET scans additionally... I cannot use the TDSSKiller program that my ESET customer care rep ironically provided.

OTL logfile created on: 10/12/2011 7:51:51 PM - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\zach\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.46 Gb Available Physical Memory | 73.09% Memory free
3.85 Gb Paging File | 3.45 Gb Available in Paging File | 89.81% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 462.31 Gb Total Space | 119.67 Gb Free Space | 25.89% Space Free | Partition Type: NTFS
Drive D: | 583.82 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: VIZION | User Name: zach | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/07 19:35:02 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\zach\My Documents\Downloads\OTL.exe
PRC - [2010/03/24 15:42:10 | 000,599,328 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2009/09/11 08:24:32 | 000,735,960 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009/09/11 08:23:46 | 002,054,360 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/08/07 19:35:02 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\zach\My Documents\Downloads\OTL.exe
MOD - [2010/08/23 10:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Viewpoint Manager Service)
SRV - File not found [Auto | Stopped] -- -- (MySQL)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - File not found [Auto | Stopped] -- -- (Apache2.2)
SRV - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2009/09/11 08:33:18 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/09/11 08:24:32 | 000,735,960 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2009/03/16 13:37:00 | 002,849,844 | ---- | M] (INCA Internet Co., Ltd.) [Disabled | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)


========== Driver Services (SafeList) ==========

DRV - [2011/07/15 07:29:31 | 000,456,320 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\system32\drivers\mrxsmb.sys -- (MRxSmb)
DRV - [2011/04/19 20:41:56 | 006,537,728 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/11/06 13:00:36 | 000,176,752 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ssidrv.sys -- (ssidrv)
DRV - [2009/11/06 13:00:36 | 000,023,152 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sshrmd.sys -- (sshrmd)
DRV - [2009/09/24 05:55:41 | 000,103,552 | R--- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\qscnusb.sys -- (MobileAdapter)
DRV - [2009/09/11 08:26:26 | 000,096,408 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2009/09/11 08:23:50 | 000,108,792 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/09/11 08:17:16 | 000,116,008 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2009/07/29 20:37:08 | 000,394,752 | ---- | M] (usb-audio.de) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pgusbwdm.sys -- (pgusbwdm) usb-audio.de driver (commercial 2.8.36)
DRV - [2009/07/29 20:37:04 | 000,033,792 | ---- | M] (usb-audio.de) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pgusbmm3.sys -- (pgusbmme)
DRV - [2008/03/28 02:14:48 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2007/08/28 20:52:20 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2007/07/16 19:48:54 | 004,403,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/08/18 13:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 13:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 13:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 13:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 13:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 13:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 13:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 13:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/11 10:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/11 10:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2004/12/31 18:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\npptNT2.sys -- (NPPTNT2)
DRV - [2003/11/17 14:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 14:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 14:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2071206
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2071206
IE - HKLM\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2071206
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2071206
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2071206
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2071206
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1138194560-3140844096-1299536313-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default =
IE - HKU\S-1-5-21-1138194560-3140844096-1299536313-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2071206
IE - HKU\S-1-5-21-1138194560-3140844096-1299536313-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKU\S-1-5-21-1138194560-3140844096-1299536313-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKU\S-1-5-21-1138194560-3140844096-1299536313-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
IE - HKU\S-1-5-21-1138194560-3140844096-1299536313-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://search.babylo...m/home?AF=18322
IE - HKU\S-1-5-21-1138194560-3140844096-1299536313-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1138194560-3140844096-1299536313-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....ch?fr=ffsp1&p="
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/\r"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.7.1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {5911488E-9D1E-40ec-8CBB-06B231CC153F}:2.3.0
FF - prefs.js..keyword.URL: "http://search.yahoo....ch?fr=ffds1&p="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/30 02:23:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/19 00:01:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010/12/11 23:29:17 | 000,000,000 | ---D | M]

[2011/03/09 21:41:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\zach\Application Data\Mozilla\Extensions
[2009/03/22 17:02:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\zach\Application Data\Mozilla\Extensions-BackupByFirefoxPortable
[2009/03/22 17:02:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\zach\Application Data\Mozilla\Extensions-BackupByFirefoxPortable\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2011/11/07 12:20:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\zach\Application Data\Mozilla\Firefox\Profiles\hzbvycvg.default\extensions
[2010/06/24 06:25:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\zach\Application Data\Mozilla\Firefox\Profiles\hzbvycvg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/08/16 16:47:57 | 000,000,000 | ---D | M] (StartNow Toolbar) -- C:\Documents and Settings\zach\Application Data\Mozilla\Firefox\Profiles\hzbvycvg.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
[2011/11/07 12:20:30 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Documents and Settings\zach\Application Data\Mozilla\Firefox\Profiles\hzbvycvg.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2011/08/16 16:47:57 | 000,001,945 | ---- | M] () -- C:\Documents and Settings\zach\Application Data\Mozilla\Firefox\Profiles\hzbvycvg.default\searchplugins\bing-zugo.xml
[2011/05/08 12:45:50 | 000,001,635 | ---- | M] () -- C:\Documents and Settings\zach\Application Data\Mozilla\Firefox\Profiles\hzbvycvg.default\searchplugins\firefox-add-ons.xml
[2011/08/18 22:59:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/08/11 15:38:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
[2010/05/27 11:00:26 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/09/30 02:23:25 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/08/19 00:01:14 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

Hosts file not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - Reg Error: Value error. File not found
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - Reg Error: Value error. File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1138194560-3140844096-1299536313-1006\..\Toolbar\WebBrowser: (AIM Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKU\S-1-5-21-1138194560-3140844096-1299536313-1006\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKU\.DEFAULT..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe ()
O4 - HKU\S-1-5-18..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe ()
O4 - HKU\S-1-5-20..\Run: [hemujewako] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Monitor Apache Servers.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1138194560-3140844096-1299536313-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &AOL Toolbar Search - c:\Program Files\AOL\AIM Toolbar 5.0\resources\en-us\local\search.html ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O9 - Extra Button: UltimateBet - {10F055B8-F443-4adf-948A-EC551E9DBCE4} - C:\Documents and Settings\zach\Start Menu\Programs\UltimateBet\UltimateBet.lnk ()
O9 - Extra 'Tools' menuitem : UltimateBet - {10F055B8-F443-4adf-948A-EC551E9DBCE4} - C:\Documents and Settings\zach\Start Menu\Programs\UltimateBet\UltimateBet.lnk ()
O9 - Extra Button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\zach\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk ()
O9 - Extra 'Tools' menuitem : Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\zach\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk ()
O9 - Extra Button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - File not found
O15 - HKU\S-1-5-21-1138194560-3140844096-1299536313-1006\..Trusted Domains: //@[email protected] ([]msni in My Computer)
O15 - HKU\S-1-5-21-1138194560-3140844096-1299536313-1006\..Trusted Domains: //@[email protected]/ ([]msni in My Computer)
O15 - HKU\S-1-5-21-1138194560-3140844096-1299536313-1006\..Trusted Domains: //@[email protected] ([]msn in Local intranet)
O15 - HKU\S-1-5-21-1138194560-3140844096-1299536313-1006\..Trusted Domains: //@[email protected] ([]msni in Local intranet)
O15 - HKU\S-1-5-21-1138194560-3140844096-1299536313-1006\..Trusted Domains: //@[email protected]/ ([]msn in Local intranet)
O15 - HKU\S-1-5-21-1138194560-3140844096-1299536313-1006\..Trusted Domains: //@[email protected]/ ([]msni in Local intranet)
O15 - HKU\S-1-5-21-1138194560-3140844096-1299536313-1006\..Trusted Domains: //@[email protected] ([]msn in My Computer)
O15 - HKU\S-1-5-21-1138194560-3140844096-1299536313-1006\..Trusted Domains: //@[email protected]/ ([]msn in My Computer)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {483EB14D-AF1C-4951-81B0-4E2B41829FF6} https://www.select2p...bs/QOLCheck.ocx (QOLCheck Control)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1005.cab (MySpace Uploader Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1198304766354 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1199515900640 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\zach\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\zach\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Security Packages - (ecurity Packages settings...) - File not found
O30 - LSA: Security Packages - (or) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/26 17:48:43 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/08/04 06:00:00 | 000,000,110 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{5b82f2ef-360d-11df-aee2-001d0976df80}\Shell - "" = AutoRun
O33 - MountPoints2\{5b82f2ef-360d-11df-aee2-001d0976df80}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5b82f2ef-360d-11df-aee2-001d0976df80}\Shell\AutoRun\command - "" = I:\HWPcAssistant.exe
O33 - MountPoints2\{5b82f2f3-360d-11df-aee2-001d0976df80}\Shell - "" = AutoRun
O33 - MountPoints2\{5b82f2f3-360d-11df-aee2-001d0976df80}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5b82f2f3-360d-11df-aee2-001d0976df80}\Shell\AutoRun\command - "" = I:\HWPcAssistant.exe
O33 - MountPoints2\{6c9da071-5477-11dd-adc7-00173f180e97}\Shell - "" = AutoRun
O33 - MountPoints2\{6c9da071-5477-11dd-adc7-00173f180e97}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6c9da071-5477-11dd-adc7-00173f180e97}\Shell\AutoRun\command - "" = I:\RunGame.exe
O33 - MountPoints2\{989681ac-0472-11df-ae92-001d0976df80}\Shell - "" = AutoRun
O33 - MountPoints2\{989681ac-0472-11df-ae92-001d0976df80}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{989681ac-0472-11df-ae92-001d0976df80}\Shell\AutoRun\command - "" = "R:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{9b0f79d2-39cb-11df-aee7-001d0976df80}\Shell - "" = AutoRun
O33 - MountPoints2\{9b0f79d2-39cb-11df-aee7-001d0976df80}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9b0f79d2-39cb-11df-aee7-001d0976df80}\Shell\AutoRun\command - "" = I:\HWPcAssistant.exe
O33 - MountPoints2\{9b0f79d3-39cb-11df-aee7-001d0976df80}\Shell - "" = AutoRun
O33 - MountPoints2\{9b0f79d3-39cb-11df-aee7-001d0976df80}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9b0f79d3-39cb-11df-aee7-001d0976df80}\Shell\AutoRun\command - "" = I:\HWPcAssistant.exe
O33 - MountPoints2\{9b0f79d4-39cb-11df-aee7-001d0976df80}\Shell - "" = AutoRun
O33 - MountPoints2\{9b0f79d4-39cb-11df-aee7-001d0976df80}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9b0f79d4-39cb-11df-aee7-001d0976df80}\Shell\AutoRun\command - "" = I:\HWPcAssistant.exe
O33 - MountPoints2\{b19b55b2-2bd7-11de-ae0e-00173f180e97}\Shell\AutoRun\command - "" = I:\system\viewer\FlipVideoforPC.exe
O33 - MountPoints2\{b19b55b2-2bd7-11de-ae0e-00173f180e97}\Shell\Flip Video for PC\command - "" = I:\system\viewer\FlipVideoforPC.exe
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\J\Shell\AutoRun\command - "" = "J:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk /p \??\C:) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (SsiEfr.exe) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/11/07 03:24:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\zach\Application Data\ElevatedDiagnostics
[2011/11/07 03:21:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2011/11/07 03:21:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2011/10/26 02:24:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\zach\My Documents\accting
[2011/09/20 23:18:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\zach\My Documents\Historysince1865
[3 C:\Documents and Settings\zach\My Documents\*.tmp files -> C:\Documents and Settings\zach\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/08 22:02:45 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/08 21:35:16 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\zach\Desktop\MBR.dat
[2011/11/08 18:59:15 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/07 20:36:33 | 000,213,672 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/11/07 02:58:51 | 000,002,140 | ---- | M] () -- C:\Documents and Settings\zach\My Documents\MorganMarriageRough.rtf
[2011/10/21 21:11:36 | 000,000,245 | ---- | M] () -- C:\Documents and Settings\zach\My Documents\catch phrase.rtf
[2011/10/18 07:01:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/10/14 10:28:42 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/10/14 03:50:01 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\videopadShakeIcon.job
[2011/10/12 19:43:19 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/12 19:42:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/12 19:42:00 | 2145,566,720 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/12 19:01:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/10/12 18:17:07 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2011/10/12 17:18:08 | 000,443,232 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/12 17:18:08 | 000,072,372 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/10/12 14:45:32 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/11 18:48:49 | 000,002,119 | ---- | M] () -- C:\Documents and Settings\zach\My Documents\occupywarning.rtf
[2011/10/09 16:26:43 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\zach\My Documents\DEA.rtf
[2011/10/08 03:50:55 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\videopadDowngrade.job
[2011/10/07 19:48:57 | 000,001,069 | ---- | M] () -- C:\Documents and Settings\zach\My Documents\occupysuggestion.rtf
[2011/09/24 18:39:42 | 000,153,088 | ---- | M] () -- C:\Documents and Settings\zach\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[3 C:\Documents and Settings\zach\My Documents\*.tmp files -> C:\Documents and Settings\zach\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/07 02:51:58 | 000,002,140 | ---- | C] () -- C:\Documents and Settings\zach\My Documents\MorganMarriageRough.rtf
[2011/10/21 21:11:36 | 000,000,245 | ---- | C] () -- C:\Documents and Settings\zach\My Documents\catch phrase.rtf
[2011/10/12 14:45:20 | 2145,566,720 | -HS- | C] () -- C:\hiberfil.sys
[2011/10/11 18:48:28 | 000,002,119 | ---- | C] () -- C:\Documents and Settings\zach\My Documents\occupywarning.rtf
[2011/10/09 16:26:43 | 000,000,670 | ---- | C] () -- C:\Documents and Settings\zach\My Documents\DEA.rtf
[2011/10/08 03:50:55 | 000,000,278 | ---- | C] () -- C:\WINDOWS\tasks\videopadDowngrade.job
[2011/10/07 19:48:57 | 000,001,069 | ---- | C] () -- C:\Documents and Settings\zach\My Documents\occupysuggestion.rtf
[2011/08/16 16:49:11 | 000,000,094 | -HS- | C] () -- C:\WINDOWS\WSYS049.SYS
[2011/08/16 16:49:11 | 000,000,022 | ---- | C] () -- C:\WINDOWS\System32\syoepk_lib0.dll
[2011/08/16 16:47:49 | 000,201,852 | ---- | C] () -- C:\WINDOWS\Photo Pos Pro Uninstaller.exe
[2011/04/19 22:10:32 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll
[2011/03/09 21:28:23 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2011/03/09 21:28:20 | 000,810,496 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/03/09 21:28:20 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/03/09 21:28:19 | 000,080,896 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/11/13 23:13:43 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/07/08 22:39:06 | 000,042,432 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/04/06 04:10:15 | 000,225,411 | ---- | C] () -- C:\WINDOWS\System32\PosPrKpLib.dll
[2010/04/06 04:10:07 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\PosTickerLib.dll
[2010/01/07 01:11:06 | 000,077,348 | ---- | C] () -- C:\WINDOWS\hpqins05.dat
[2009/08/31 15:04:57 | 000,157,555 | ---- | C] () -- C:\WINDOWS\hpoins28.dat
[2009/08/31 15:04:57 | 000,000,932 | ---- | C] () -- C:\WINDOWS\hpomdl28.dat
[2009/05/23 16:28:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2009/05/23 16:01:48 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2009/05/16 23:08:53 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2009/05/02 03:23:52 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2009/03/22 17:02:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/06/19 00:20:40 | 000,000,094 | ---- | C] () -- C:\WINDOWS\awshkwv.ini
[2008/05/22 18:50:06 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2008/01/14 12:40:56 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2008/01/14 12:40:56 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2008/01/14 12:40:56 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2008/01/14 11:48:52 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2008/01/14 03:29:08 | 000,640,957 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2008/01/14 03:29:08 | 000,000,797 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2008/01/14 03:19:50 | 000,245,760 | ---- | C] () -- C:\WINDOWS\System32\ImxEx.dll
[2008/01/14 03:02:18 | 001,033,522 | ---- | C] () -- C:\WINDOWS\The Matrix.dat
[2008/01/14 03:02:18 | 000,000,084 | ---- | C] () -- C:\WINDOWS\WSST_Screen_Saver.ini
[2008/01/04 15:58:50 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/01/04 15:56:24 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/12/25 17:01:47 | 000,000,181 | ---- | C] () -- C:\WINDOWS\civ.ini
[2007/12/20 15:18:07 | 000,153,088 | ---- | C] () -- C:\Documents and Settings\zach\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/12/11 13:35:26 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2007/12/08 22:12:28 | 000,001,031 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2007/12/08 20:35:32 | 000,000,127 | -H-- | C] () -- C:\Documents and Settings\zach\Local Settings\Application Data\fusioncache.dat
[2007/12/06 10:23:51 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/12/06 10:14:16 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2007/12/06 10:14:16 | 000,000,142 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/12/06 09:48:29 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2007/12/06 09:48:29 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2007/12/06 09:48:29 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2007/12/06 09:48:28 | 000,233,012 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2007/12/06 09:48:12 | 000,876,544 | ---- | C] () -- C:\WINDOWS\System32\TEACico2.dll
[2007/12/06 09:48:07 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2007/12/06 09:48:02 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4820.dll
[2007/12/06 09:46:41 | 000,001,119 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007/11/14 11:42:27 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2007/11/09 05:01:59 | 000,000,164 | ---- | C] () -- C:\WINDOWS\System32\psyswin32.dll
[2007/08/26 20:45:44 | 000,438,272 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib_dec.dll
[2006/11/07 04:25:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/16 23:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/16 23:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2005/12/15 11:38:48 | 000,315,392 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2005/09/23 05:52:14 | 000,078,848 | ---- | C] () -- C:\WINDOWS\System32\OneWay.dll
[2004/08/10 13:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 13:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 13:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 13:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 12:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 12:57:15 | 000,213,672 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 12:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 12:51:20 | 000,443,232 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 12:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 12:51:20 | 000,072,372 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 12:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 12:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 12:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 12:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 12:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 12:51:12 | 000,456,320 | ---- | C] () -- C:\WINDOWS\System32\drivers\mrxsmb.sys
[2004/08/10 12:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 12:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 12:50:56 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/06/02 08:05:40 | 000,038,912 | ---- | C] () -- C:\WINDOWS\System32\1Way.dll

========== LOP Check ==========

[2008/11/24 04:07:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2010/12/11 23:33:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\aHmHp06301
[2008/05/28 03:25:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund
[2010/12/11 23:29:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2009/06/10 18:05:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2011/03/09 22:52:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MySQL
[2011/08/13 00:50:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2009/04/17 13:58:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2011/07/18 12:49:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Qwest
[2010/03/13 22:37:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2009/10/09 16:56:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2008/11/24 04:07:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/01/18 15:12:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2008/02/25 00:02:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/04/13 11:19:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/01/12 14:24:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/23 15:43:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/03/06 18:27:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2008/01/28 00:28:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ma\Application Data\FarStone
[2011/03/09 20:57:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ma\Application Data\Western Digital
[2010/08/03 21:51:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zach\Application Data\Ableton
[2008/01/09 20:44:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zach\Application Data\acccore
[2008/05/28 03:25:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zach\Application Data\Broderbund
[2010/08/03 23:02:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zach\Application Data\comcasttb
[2008/01/16 03:05:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zach\Application Data\DAEMON Tools
[2011/11/07 03:24:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zach\Application Data\ElevatedDiagnostics
[2008/01/14 11:56:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zach\Application Data\FarStone
[2010/11/14 19:32:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zach\Application Data\Helios
[2008/07/12 18:51:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zach\Application Data\LimeWire
[2008/10/22 22:39:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zach\Application Data\MSNInstaller
[2008/06/07 21:47:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zach\Application Data\My Games
[2011/08/13 00:50:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zach\Application Data\NCH Swift Sound
[2009/05/02 03:23:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zach\Application Data\Research In Motion
[2009/01/18 22:34:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zach\Application Data\SanDisk
[2011/09/17 03:42:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zach\Application Data\uTorrent
[2011/08/28 01:39:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zach\Application Data\vghd
[2011/08/03 13:58:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zach\Application Data\Viewpoint
[2010/11/13 10:57:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zach\Application Data\webex
[2011/08/11 19:13:00 | 000,000,266 | ---- | M] () -- C:\WINDOWS\Tasks\prismShakeIcon.job
[2011/10/12 19:01:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2011/09/05 21:41:01 | 000,000,270 | ---- | M] () -- C:\WINDOWS\Tasks\switchShakeIcon.job
[2011/10/08 03:50:55 | 000,000,278 | ---- | M] () -- C:\WINDOWS\Tasks\videopadDowngrade.job
[2011/10/14 03:50:01 | 000,000,278 | ---- | M] () -- C:\WINDOWS\Tasks\videopadShakeIcon.job
[2011/08/16 01:25:00 | 000,000,280 | ---- | M] () -- C:\WINDOWS\Tasks\wavepadShakeIcon.job

========== Purity Check ==========



========== Custom Scans ==========


< %systemdrive%\*exe >
[2011/03/09 21:56:06 | 054,536,432 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\11-2_xp32_dd_ccc_ocl.exe
[2011/03/09 22:12:26 | 000,741,376 | ---- | M] (Foxconn Technology Group) -- C:\530_1018.EXE
[2011/03/09 21:08:01 | 008,588,616 | ---- | M] (Mozilla) -- C:\Firefox Setup 3.6.15.exe
[2011/03/09 21:38:10 | 009,921,840 | ---- | M] (PortableApps.com) -- C:\FirefoxPortable_3.6.15_English.paf.exe


< MD5 for: EXPLORER.EXE >
[2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 04:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\i386\explorer.exe
[2007/06/13 04:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 18:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 18:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\i386\svchost.exe
[2004/08/04 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 05:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\i386\userinit.exe
[2004/08/04 05:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 18:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 18:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 05:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\i386\winlogon.exe
[2004/08/04 05:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 18:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 18:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\Zachary Varo1n.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\Zach Hockey.mov:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\Wounded Hero.rtf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\What books would i take.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\WEED SONG HOOK.rtf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\VID00015.AVI:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\valet.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\UPCOMING CRAZY.rtf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\They Coming for Us.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\THE CAT MOVIES.rtf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\t mobile [bleep].rtf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\SOLUTIONS MEMO.rtf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\soldier.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\so addicted(edit done).mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\security resume.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\scrap 3.rtf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\sales support.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\run it.rtf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\RIZE FLYER!!.rtf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\resume.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\PLEDGE FLYER.rtf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\pitz.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\pin.rtf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\MHMC.rtf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\Marketing.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\mansion world.rtf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\love tragedy.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\LIST.rtf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\letter to department chairs.rtf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\king 2.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\Jewelry.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\IMG_1573.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\IMG_1572.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\IMG_1570.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\IMG_1542.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\hot [bleep].mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\HEADRUSH FLYER.rtf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\god of war.rtf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\GO GO workout.rtf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\GO GO TEAM CONTEST.rtf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\g-code 2.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\friend request.rtf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\financial aid appeal.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\FFOTWServlet;jsessionid=0001HxcqWwNsmefCOWFPAqDkPbl_12qg1p3t7.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\fairytale fFLYER.rtf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\evan ad.rtf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\EMP FLYER.rtf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\electro flyer.rtf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\eeoc.rtf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\eeoc claim.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\E FLYER.rtf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\DSC_1707.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\DSC_1703.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\DSC_1702.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\deferrment.rtf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\CONFIRMATION NUMBER.rtf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\confirmation number for fafsa.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\coalition announcement.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\CD2.rtf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\CD1.rtf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\career.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\car cales resumecv.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\car cales resume.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\BOOTFOOT.rtf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\Black Magic.rtf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\BEST DANCE TEAM.rtf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\authorization.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\application.rtf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\announcement.rtf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\amelia.rtf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\alicia number.rtf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\~WRL0001.tmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\March of the Pigs.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\I Do Not Want This.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\Heresy.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\Eraser.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\Closer.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\Big Man With a Gun.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\A Warm Place.mp3:Roxio EMC Stream

< End of report >


#4
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
When you repaired the MBR with aswMBR, which button did you use? FIX or FIXMBR?

I will need to go in heavy first, and then I will clear the remnants.

Allow Combofix to install the recovery console

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply, and describe how your computer is running now.

#5
vizion5280
    Member
  • Topic Starter
  • Member
  • 12 posts
I used the scan button for fix MBR and I ran ComboFix and it didn't produce a log. Unfortunately, I ran it twice because I didn't see that note.

#6
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
This is the file that I believe to be infected: C:\WINDOWS\system32\drivers\mrxsmb.sys
Unfortunately aswMBR is not geared up to fix this infection.

Could you retry ComboFix from safe mode please; if it fails again, then re-run OTL for me with this script:

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    mrxsmb.sys
    /md5stop
    C:\Windows\assembly\tmp\U\*.* /s
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, there will be just one log.

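The custom scan in post #6 asks OTL to hash mrxsmb.sys and list every copy it finds, so the live driver in system32\drivers can be compared with the backup copies Windows keeps (ServicePackFiles\i386, $NtServicePackUninstall$, i386). The script below is an added example, not part of this thread and not part of OTL: it parses OTL's `< MD5 for: NAME >` blocks and its DRV/SRV/PRC lines and flags a live copy whose hash matches no backup copy, or that has no company name while its backups carry one. The svchost.exe block and the DRV/PRC lines in the sample are copied from the logs posted in this thread; the mrxsmb.sys MD5 block is constructed for illustration, with placeholder hashes and timestamps.

```python
"""Cross-check OTL '< MD5 for: NAME >' blocks and DRV/SRV/PRC lines.

Added example for this thread, not code from OTL or from the posters. It
flags a live system file whose MD5 matches none of the backup copies OTL
listed, or that lacks the company name its backup copies carry.
"""
import re
from collections import defaultdict

# Sample input in OTL's own line format. The SVCHOST.EXE block and the
# DRV/PRC lines are copied from the logs in this thread; the MRXSMB.SYS
# block is constructed, with placeholder hashes (AAAA.../BBBB...) and dates.
SAMPLE_LOG = r"""
< MD5 for: SVCHOST.EXE >
[2008/04/13 18:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 18:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\i386\svchost.exe
[2004/08/04 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: MRXSMB.SYS >
[2008/04/13 18:12:36 | 000,456,320 | ---- | M] (Microsoft Corporation) MD5=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -- C:\WINDOWS\ServicePackFiles\i386\mrxsmb.sys
[2011/07/15 07:29:31 | 000,456,320 | ---- | M] () MD5=BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB -- C:\WINDOWS\system32\drivers\mrxsmb.sys

========== Driver Services (SafeList) ==========

DRV - [2011/07/15 07:29:31 | 000,456,320 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\system32\drivers\mrxsmb.sys -- (MRxSmb)
DRV - [2011/04/19 20:41:56 | 006,537,728 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
PRC - [2011/08/07 19:35:02 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\zach\My Documents\Downloads\OTL.exe
"""

# "[date time | size | attrs | C/M] (Company)" prefix shared by both line kinds.
STAMP = (r"\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| \S+ \| [CM]\] "
         r"\((?P<company>[^)]*)\)")
MD5_HEADER_RE = re.compile(r"^< MD5 for: (?P<name>.+?) >$")
MD5_LINE_RE = re.compile(r"^" + STAMP + r" MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$")
SVC_LINE_RE = re.compile(r"^(?P<kind>DRV|SRV|PRC) - " + STAMP +
                         r"(?: \[[^\]]*\])? -- (?P<path>.+?)(?: -- \((?P<name>[^)]*)\).*)?$")

# Copies Windows keeps for repair/uninstall; everything else is the live file.
BACKUP_DIRS = ("\\servicepackfiles\\", "\\$ntservicepackuninstall$\\", "\\i386\\")


def is_backup_copy(path):
    p = path.lower()
    return any(d in p for d in BACKUP_DIRS)


def parse_md5_blocks(text):
    """Group the '< MD5 for: NAME >' entries by upper-cased file name."""
    blocks, current = defaultdict(list), None
    for line in text.splitlines():
        header = MD5_HEADER_RE.match(line)
        if header:
            current = header.group("name").upper()
            continue
        if line.startswith(("<", "=")):  # another custom scan or a new section
            current = None
            continue
        entry = MD5_LINE_RE.match(line)
        if current and entry:
            blocks[current].append(entry.groupdict())
    return dict(blocks)


def check_live_copies(blocks):
    """Return [(name, live_path, [reasons])] for live copies that look replaced.

    A hash mismatch alone is only a lead: a post-SP hotfix legitimately changes
    the system32 copy without touching ServicePackFiles. A missing company name
    on a file whose backup copies all carry one is the stronger signal, since
    Microsoft binaries ship with version resources.
    """
    findings = []
    for name, entries in blocks.items():
        backups = [e for e in entries if is_backup_copy(e["path"])]
        backup_hashes = {e["md5"].upper() for e in backups}
        for live in (e for e in entries if not is_backup_copy(e["path"])):
            reasons = []
            if backup_hashes and live["md5"].upper() not in backup_hashes:
                reasons.append("MD5 matches no backup copy")
            if not live["company"] and backups and all(b["company"] for b in backups):
                reasons.append("no company name on live copy")
            if reasons:
                findings.append((name, live["path"], reasons))
    return findings


def check_service_lines(text):
    """Return [(kind, path, service)] for DRV/SRV/PRC entries under the Windows
    directory with an empty company field. Third-party files often lack version
    info, so the check is limited to the Windows directory."""
    findings = []
    for line in text.splitlines():
        m = SVC_LINE_RE.match(line)
        if m and not m.group("company") and "\\windows\\" in m.group("path").lower():
            findings.append((m.group("kind"), m.group("path"), m.group("name")))
    return findings


if __name__ == "__main__":
    for name, path, reasons in check_live_copies(parse_md5_blocks(SAMPLE_LOG)):
        print(f"{name}: {path} -> {'; '.join(reasons)}")
    for kind, path, svc in check_service_lines(SAMPLE_LOG):
        print(f"{kind} {svc}: {path} -> no company name")
```

On the sample, svchost.exe passes (the system32 hash equals the ServicePackFiles copy) and only mrxsmb.sys is reported, for both reasons, plus its DRV line. Treat the output as a list of files to confirm against a known-good copy from install media or a clean machine of the same service-pack level, not as a verdict; a hotfixed file will also show a hash mismatch.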

#7
vizion5280
    Member
  • Topic Starter
  • Member
  • 12 posts
In a new development, when I ran ComboFix it made me get online. I do believe that file is one of the infected files. My antivirus has both alerted me to a sirehrref trojan in the svchost file or something like that... Since logging in online for the antivirus, it came up with another. So basically, logging in online got me another trojan... My computer would not boot in safe mode. So what I'm going to do is rescan the OTL logs, paste that fix in, re-run MBR, post the logs, and then try to boot in safe mode to run ComboFix. The last time I tried to boot in safe mode the computer froze. Thanks

Zach

#8
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
OK, once I see the logs I may be able to formulate a new plan of action.

#9
vizion5280
    Member
  • Topic Starter
  • Member
  • 12 posts
Attached are the newest logs. Both aswMBR and OTL freeze mid-scan, but I got both logs mid-freeze on multiple occasions. I have regained chkdsk functionality, and safe mode still freezes. Running that custom fix to see if that gets things working.

OTL logfile created on: 10/12/2011 7:51:51 PM - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\zach\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.46 Gb Available Physical Memory | 73.09% Memory free
3.85 Gb Paging File | 3.45 Gb Available in Paging File | 89.81% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 462.31 Gb Total Space | 119.67 Gb Free Space | 25.89% Space Free | Partition Type: NTFS
Drive D: | 583.82 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: VIZION | User Name: zach | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/07 19:35:02 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\zach\My Documents\Downloads\OTL.exe
PRC - [2010/03/24 15:42:10 | 000,599,328 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2009/09/11 08:24:32 | 000,735,960 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009/09/11 08:23:46 | 002,054,360 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/08/07 19:35:02 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\zach\My Documents\Downloads\OTL.exe
MOD - [2010/08/23 10:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Viewpoint Manager Service)
SRV - File not found [Auto | Stopped] -- -- (MySQL)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - File not found [Auto | Stopped] -- -- (Apache2.2)
SRV - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2009/09/11 08:33:18 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/09/11 08:24:32 | 000,735,960 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2009/03/16 13:37:00 | 002,849,844 | ---- | M] (INCA Internet Co., Ltd.) [Disabled | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)


========== Driver Services (SafeList) ==========

DRV - [2011/07/15 07:29:31 | 000,456,320 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\system32\drivers\mrxsmb.sys -- (MRxSmb)
DRV - [2011/04/19 20:41:56 | 006,537,728 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/11/06 13:00:36 | 000,176,752 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ssidrv.sys -- (ssidrv)
DRV - [2009/11/06 13:00:36 | 000,023,152 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sshrmd.sys -- (sshrmd)
DRV - [2009/09/24 05:55:41 | 000,103,552 | R--- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\qscnusb.sys -- (MobileAdapter)
DRV - [2009/09/11 08:26:26 | 000,096,408 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2009/09/11 08:23:50 | 000,108,792 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/09/11 08:17:16 | 000,116,008 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2009/07/29 20:37:08 | 000,394,752 | ---- | M] (usb-audio.de) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pgusbwdm.sys -- (pgusbwdm) usb-audio.de driver (commercial 2.8.36)
DRV - [2009/07/29 20:37:04 | 000,033,792 | ---- | M] (usb-audio.de) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pgusbmm3.sys -- (pgusbmme)
DRV - [2008/03/28 02:14:48 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2007/08/28 20:52:20 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2007/07/16 19:48:54 | 004,403,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/08/18 13:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 13:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 13:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 13:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 13:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 13:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 13:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 13:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/11 10:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/11 10:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2004/12/31 18:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\npptNT2.sys -- (NPPTNT2)
DRV - [2003/11/17 14:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 14:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 14:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2071206
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2071206
IE - HKLM\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2071206
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2071206
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2071206
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2071206
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1138194560-3140844096-1299536313-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default =
IE - HKU\S-1-5-21-1138194560-3140844096-1299536313-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2071206
IE - HKU\S-1-5-21-1138194560-3140844096-1299536313-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKU\S-1-5-21-1138194560-3140844096-1299536313-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKU\S-1-5-21-1138194560-3140844096-1299536313-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
IE - HKU\S-1-5-21-1138194560-3140844096-1299536313-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://search.babylo...m/home?AF=18322
IE - HKU\S-1-5-21-1138194560-3140844096-1299536313-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1138194560-3140844096-1299536313-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....ch?fr=ffsp1&p="
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/\r"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.7.1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {5911488E-9D1E-40ec-8CBB-06B231CC153F}:2.3.0
FF - prefs.js..keyword.URL: "http://search.yahoo....ch?fr=ffds1&p="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/30 02:23:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/19 00:01:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010/12/11 23:29:17 | 000,000,000 | ---D | M]

[2011/03/09 21:41:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\zach\Application Data\Mozilla\Extensions
[2009/03/22 17:02:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\zach\Application Data\Mozilla\Extensions-BackupByFirefoxPortable
[2009/03/22 17:02:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\zach\Application Data\Mozilla\Extensions-BackupByFirefoxPortable\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2011/11/07 12:20:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\zach\Application Data\Mozilla\Firefox\Profiles\hzbvycvg.default\extensions
[2010/06/24 06:25:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\zach\Application Data\Mozilla\Firefox\Profiles\hzbvycvg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/08/16 16:47:57 | 000,000,000 | ---D | M] (StartNow Toolbar) -- C:\Documents and Settings\zach\Application Data\Mozilla\Firefox\Profiles\hzbvycvg.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
[2011/11/07 12:20:30 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Documents and Settings\zach\Application Data\Mozilla\Firefox\Profiles\hzbvycvg.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2011/08/16 16:47:57 | 000,001,945 | ---- | M] () -- C:\Documents and Settings\zach\Application Data\Mozilla\Firefox\Profiles\hzbvycvg.default\searchplugins\bing-zugo.xml
[2011/05/08 12:45:50 | 000,001,635 | ---- | M] () -- C:\Documents and Settings\zach\Application Data\Mozilla\Firefox\Profiles\hzbvycvg.default\searchplugins\firefox-add-ons.xml
[2011/08/18 22:59:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/08/11 15:38:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
[2010/05/27 11:00:26 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/09/30 02:23:25 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/08/19 00:01:14 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

Hosts file not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - Reg Error: Value error. File not found
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - Reg Error: Value error. File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1138194560-3140844096-1299536313-1006\..\Toolbar\WebBrowser: (AIM Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKU\S-1-5-21-1138194560-3140844096-1299536313-1006\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKU\.DEFAULT..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe ()
O4 - HKU\S-1-5-18..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe ()
O4 - HKU\S-1-5-20..\Run: [hemujewako] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Monitor Apache Servers.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1138194560-3140844096-1299536313-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &AOL Toolbar Search - c:\Program Files\AOL\AIM Toolbar 5.0\resources\en-us\local\search.html ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O9 - Extra Button: UltimateBet - {10F055B8-F443-4adf-948A-EC551E9DBCE4} - C:\Documents and Settings\zach\Start Menu\Programs\UltimateBet\UltimateBet.lnk ()
O9 - Extra 'Tools' menuitem : UltimateBet - {10F055B8-F443-4adf-948A-EC551E9DBCE4} - C:\Documents and Settings\zach\Start Menu\Programs\UltimateBet\UltimateBet.lnk ()
O9 - Extra Button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\zach\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk ()
O9 - Extra 'Tools' menuitem : Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\zach\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk ()
O9 - Extra Button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - File not found
O15 - HKU\S-1-5-21-1138194560-3140844096-1299536313-1006\..Trusted Domains: //@[email protected] ([]msni in My Computer)
O15 - HKU\S-1-5-21-1138194560-3140844096-1299536313-1006\..Trusted Domains: //@[email protected]/ ([]msni in My Computer)
O15 - HKU\S-1-5-21-1138194560-3140844096-1299536313-1006\..Trusted Domains: //@[email protected] ([]msn in Local intranet)
O15 - HKU\S-1-5-21-1138194560-3140844096-1299536313-1006\..Trusted Domains: //@[email protected] ([]msni in Local intranet)
O15 - HKU\S-1-5-21-1138194560-3140844096-1299536313-1006\..Trusted Domains: //@[email protected]/ ([]msn in Local intranet)
O15 - HKU\S-1-5-21-1138194560-3140844096-1299536313-1006\..Trusted Domains: //@[email protected]/ ([]msni in Local intranet)
O15 - HKU\S-1-5-21-1138194560-3140844096-1299536313-1006\..Trusted Domains: //@[email protected] ([]msn in My Computer)
O15 - HKU\S-1-5-21-1138194560-3140844096-1299536313-1006\..Trusted Domains: //@[email protected]/ ([]msn in My Computer)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {483EB14D-AF1C-4951-81B0-4E2B41829FF6} https://www.select2p...bs/QOLCheck.ocx (QOLCheck Control)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1005.cab (MySpace Uploader Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1198304766354 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1199515900640 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\zach\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\zach\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Security Packages - (ecurity Packages settings...) - File not found
O30 - LSA: Security Packages - (or) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/26 17:48:43 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/08/04 06:00:00 | 000,000,110 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{5b82f2ef-360d-11df-aee2-001d0976df80}\Shell - "" = AutoRun
O33 - MountPoints2\{5b82f2ef-360d-11df-aee2-001d0976df80}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5b82f2ef-360d-11df-aee2-001d0976df80}\Shell\AutoRun\command - "" = I:\HWPcAssistant.exe
O33 - MountPoints2\{5b82f2f3-360d-11df-aee2-001d0976df80}\Shell - "" = AutoRun
O33 - MountPoints2\{5b82f2f3-360d-11df-aee2-001d0976df80}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5b82f2f3-360d-11df-aee2-001d0976df80}\Shell\AutoRun\command - "" = I:\HWPcAssistant.exe
O33 - MountPoints2\{6c9da071-5477-11dd-adc7-00173f180e97}\Shell - "" = AutoRun
O33 - MountPoints2\{6c9da071-5477-11dd-adc7-00173f180e97}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6c9da071-5477-11dd-adc7-00173f180e97}\Shell\AutoRun\command - "" = I:\RunGame.exe
O33 - MountPoints2\{989681ac-0472-11df-ae92-001d0976df80}\Shell - "" = AutoRun
O33 - MountPoints2\{989681ac-0472-11df-ae92-001d0976df80}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{989681ac-0472-11df-ae92-001d0976df80}\Shell\AutoRun\command - "" = "R:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{9b0f79d2-39cb-11df-aee7-001d0976df80}\Shell - "" = AutoRun
O33 - MountPoints2\{9b0f79d2-39cb-11df-aee7-001d0976df80}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9b0f79d2-39cb-11df-aee7-001d0976df80}\Shell\AutoRun\command - "" = I:\HWPcAssistant.exe
O33 - MountPoints2\{9b0f79d3-39cb-11df-aee7-001d0976df80}\Shell - "" = AutoRun
O33 - MountPoints2\{9b0f79d3-39cb-11df-aee7-001d0976df80}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9b0f79d3-39cb-11df-aee7-001d0976df80}\Shell\AutoRun\command - "" = I:\HWPcAssistant.exe
O33 - MountPoints2\{9b0f79d4-39cb-11df-aee7-001d0976df80}\Shell - "" = AutoRun
O33 - MountPoints2\{9b0f79d4-39cb-11df-aee7-001d0976df80}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9b0f79d4-39cb-11df-aee7-001d0976df80}\Shell\AutoRun\command - "" = I:\HWPcAssistant.exe
O33 - MountPoints2\{b19b55b2-2bd7-11de-ae0e-00173f180e97}\Shell\AutoRun\command - "" = I:\system\viewer\FlipVideoforPC.exe
O33 - MountPoints2\{b19b55b2-2bd7-11de-ae0e-00173f180e97}\Shell\Flip Video for PC\command - "" = I:\system\viewer\FlipVideoforPC.exe
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\J\Shell\AutoRun\command - "" = "J:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk /p \??\C:) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (SsiEfr.exe) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/11/07 03:24:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\zach\Application Data\ElevatedDiagnostics
[2011/11/07 03:21:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2011/11/07 03:21:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2011/10/26 02:24:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\zach\My Documents\accting
[2011/09/20 23:18:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\zach\My Documents\Historysince1865
[3 C:\Documents and Settings\zach\My Documents\*.tmp files -> C:\Documents and Settings\zach\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/08 22:02:45 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/08 21:35:16 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\zach\Desktop\MBR.dat
[2011/11/08 18:59:15 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/07 20:36:33 | 000,213,672 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/11/07 02:58:51 | 000,002,140 | ---- | M] () -- C:\Documents and Settings\zach\My Documents\MorganMarriageRough.rtf
[2011/10/21 21:11:36 | 000,000,245 | ---- | M] () -- C:\Documents and Settings\zach\My Documents\catch phrase.rtf
[2011/10/18 07:01:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/10/14 10:28:42 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/10/14 03:50:01 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\videopadShakeIcon.job
[2011/10/12 19:43:19 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/12 19:42:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/12 19:42:00 | 2145,566,720 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/12 19:01:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/10/12 18:17:07 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2011/10/12 17:18:08 | 000,443,232 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/12 17:18:08 | 000,072,372 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/10/12 14:45:32 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/11 18:48:49 | 000,002,119 | ---- | M] () -- C:\Documents and Settings\zach\My Documents\occupywarning.rtf
[2011/10/09 16:26:43 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\zach\My Documents\DEA.rtf
[2011/10/08 03:50:55 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\videopadDowngrade.job
[2011/10/07 19:48:57 | 000,001,069 | ---- | M] () -- C:\Documents and Settings\zach\My Documents\occupysuggestion.rtf
[2011/09/24 18:39:42 | 000,153,088 | ---- | M] () -- C:\Documents and Settings\zach\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[3 C:\Documents and Settings\zach\My Documents\*.tmp files -> C:\Documents and Settings\zach\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/07 02:51:58 | 000,002,140 | ---- | C] () -- C:\Documents and Settings\zach\My Documents\MorganMarriageRough.rtf
[2011/10/21 21:11:36 | 000,000,245 | ---- | C] () -- C:\Documents and Settings\zach\My Documents\catch phrase.rtf
[2011/10/12 14:45:20 | 2145,566,720 | -HS- | C] () -- C:\hiberfil.sys
[2011/10/11 18:48:28 | 000,002,119 | ---- | C] () -- C:\Documents and Settings\zach\My Documents\occupywarning.rtf
[2011/10/09 16:26:43 | 000,000,670 | ---- | C] () -- C:\Documents and Settings\zach\My Documents\DEA.rtf
[2011/10/08 03:50:55 | 000,000,278 | ---- | C] () -- C:\WINDOWS\tasks\videopadDowngrade.job
[2011/10/07 19:48:57 | 000,001,069 | ---- | C] () -- C:\Documents and Settings\zach\My Documents\occupysuggestion.rtf
[2011/08/16 16:49:11 | 000,000,094 | -HS- | C] () -- C:\WINDOWS\WSYS049.SYS
[2011/08/16 16:49:11 | 000,000,022 | ---- | C] () -- C:\WINDOWS\System32\syoepk_lib0.dll
[2011/08/16 16:47:49 | 000,201,852 | ---- | C] () -- C:\WINDOWS\Photo Pos Pro Uninstaller.exe
[2011/04/19 22:10:32 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll
[2011/03/09 21:28:23 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2011/03/09 21:28:20 | 000,810,496 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/03/09 21:28:20 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/03/09 21:28:19 | 000,080,896 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/11/13 23:13:43 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/07/08 22:39:06 | 000,042,432 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/04/06 04:10:15 | 000,225,411 | ---- | C] () -- C:\WINDOWS\System32\PosPrKpLib.dll
[2010/04/06 04:10:07 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\PosTickerLib.dll
[2010/01/07 01:11:06 | 000,077,348 | ---- | C] () -- C:\WINDOWS\hpqins05.dat
[2009/08/31 15:04:57 | 000,157,555 | ---- | C] () -- C:\WINDOWS\hpoins28.dat
[2009/08/31 15:04:57 | 000,000,932 | ---- | C] () -- C:\WINDOWS\hpomdl28.dat
[2009/05/23 16:28:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2009/05/23 16:01:48 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2009/05/16 23:08:53 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2009/05/02 03:23:52 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2009/03/22 17:02:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/06/19 00:20:40 | 000,000,094 | ---- | C] () -- C:\WINDOWS\awshkwv.ini
[2008/05/22 18:50:06 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2008/01/14 12:40:56 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2008/01/14 12:40:56 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2008/01/14 12:40:56 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2008/01/14 11:48:52 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2008/01/14 03:29:08 | 000,640,957 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2008/01/14 03:29:08 | 000,000,797 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2008/01/14 03:19:50 | 000,245,760 | ---- | C] () -- C:\WINDOWS\System32\ImxEx.dll
[2008/01/14 03:02:18 | 001,033,522 | ---- | C] () -- C:\WINDOWS\The Matrix.dat
[2008/01/14 03:02:18 | 000,000,084 | ---- | C] () -- C:\WINDOWS\WSST_Screen_Saver.ini
[2008/01/04 15:58:50 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/01/04 15:56:24 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/12/25 17:01:47 | 000,000,181 | ---- | C] () -- C:\WINDOWS\civ.ini
[2007/12/20 15:18:07 | 000,153,088 | ---- | C] () -- C:\Documents and Settings\zach\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/12/11 13:35:26 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2007/12/08 22:12:28 | 000,001,031 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2007/12/08 20:35:32 | 000,000,127 | -H-- | C] () -- C:\Documents and Settings\zach\Local Settings\Application Data\fusioncache.dat
[2007/12/06 10:23:51 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/12/06 10:14:16 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2007/12/06 10:14:16 | 000,000,142 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/12/06 09:48:29 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2007/12/06 09:48:29 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2007/12/06 09:48:29 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2007/12/06 09:48:28 | 000,233,012 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2007/12/06 09:48:12 | 000,876,544 | ---- | C] () -- C:\WINDOWS\System32\TEACico2.dll
[2007/12/06 09:48:07 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2007/12/06 09:48:02 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4820.dll
[2007/12/06 09:46:41 | 000,001,119 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007/11/14 11:42:27 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2007/11/09 05:01:59 | 000,000,164 | ---- | C] () -- C:\WINDOWS\System32\psyswin32.dll
[2007/08/26 20:45:44 | 000,438,272 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib_dec.dll
[2006/11/07 04:25:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/16 23:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/16 23:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2005/12/15 11:38:48 | 000,315,392 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2005/09/23 05:52:14 | 000,078,848 | ---- | C] () -- C:\WINDOWS\System32\OneWay.dll
[2004/08/10 13:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 13:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 13:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 13:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 12:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 12:57:15 | 000,213,672 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 12:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 12:51:20 | 000,443,232 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 12:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 12:51:20 | 000,072,372 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 12:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 12:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 12:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 12:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 12:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 12:51:12 | 000,456,320 | ---- | C] () -- C:\WINDOWS\System32\drivers\mrxsmb.sys
[2004/08/10 12:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 12:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 12:50:56 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/06/02 08:05:40 | 000,038,912 | ---- | C] () -- C:\WINDOWS\System32\1Way.dll

========== LOP Check ==========

[2008/11/24 04:07:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2010/12/11 23:33:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\aHmHp06301
[2008/05/28 03:25:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund
[2010/12/11 23:29:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2009/06/10 18:05:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2011/03/09 22:52:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MySQL
[2011/08/13 00:50:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2009/04/17 13:58:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2011/07/18 12:49:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Qwest
[2010/03/13 22:37:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2009/10/09 16:56:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2008/11/24 04:07:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/01/18 15:12:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2008/02/25 00:02:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/04/13 11:19:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/01/12 14:24:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/23 15:43:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/03/06 18:27:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2008/01/28 00:28:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ma\Application Data\FarStone
[2011/03/09 20:57:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ma\Application Data\Western Digital
[2010/08/03 21:51:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zach\Application Data\Ableton
[2008/01/09 20:44:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zach\Application Data\acccore
[2008/05/28 03:25:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zach\Application Data\Broderbund
[2010/08/03 23:02:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zach\Application Data\comcasttb
[2008/01/16 03:05:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zach\Application Data\DAEMON Tools
[2011/11/07 03:24:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zach\Application Data\ElevatedDiagnostics
[2008/01/14 11:56:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zach\Application Data\FarStone
[2010/11/14 19:32:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zach\Application Data\Helios
[2008/07/12 18:51:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zach\Application Data\LimeWire
[2008/10/22 22:39:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zach\Application Data\MSNInstaller
[2008/06/07 21:47:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zach\Application Data\My Games
[2011/08/13 00:50:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zach\Application Data\NCH Swift Sound
[2009/05/02 03:23:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zach\Application Data\Research In Motion
[2009/01/18 22:34:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zach\Application Data\SanDisk
[2011/09/17 03:42:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zach\Application Data\uTorrent
[2011/08/28 01:39:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zach\Application Data\vghd
[2011/08/03 13:58:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zach\Application Data\Viewpoint
[2010/11/13 10:57:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zach\Application Data\webex
[2011/08/11 19:13:00 | 000,000,266 | ---- | M] () -- C:\WINDOWS\Tasks\prismShakeIcon.job
[2011/10/12 19:01:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2011/09/05 21:41:01 | 000,000,270 | ---- | M] () -- C:\WINDOWS\Tasks\switchShakeIcon.job
[2011/10/08 03:50:55 | 000,000,278 | ---- | M] () -- C:\WINDOWS\Tasks\videopadDowngrade.job
[2011/10/14 03:50:01 | 000,000,278 | ---- | M] () -- C:\WINDOWS\Tasks\videopadShakeIcon.job
[2011/08/16 01:25:00 | 000,000,280 | ---- | M] () -- C:\WINDOWS\Tasks\wavepadShakeIcon.job

========== Purity Check ==========



========== Custom Scans ==========


< %systemdrive%\*exe >
[2011/03/09 21:56:06 | 054,536,432 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\11-2_xp32_dd_ccc_ocl.exe
[2011/03/09 22:12:26 | 000,741,376 | ---- | M] (Foxconn Technology Group) -- C:\530_1018.EXE
[2011/03/09 21:08:01 | 008,588,616 | ---- | M] (Mozilla) -- C:\Firefox Setup 3.6.15.exe
[2011/03/09 21:38:10 | 009,921,840 | ---- | M] (PortableApps.com) -- C:\FirefoxPortable_3.6.15_English.paf.exe


< MD5 for: EXPLORER.EXE >
[2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 04:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\i386\explorer.exe
[2007/06/13 04:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 18:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 18:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\i386\svchost.exe
[2004/08/04 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 05:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\i386\userinit.exe
[2004/08/04 05:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 18:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 18:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 05:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\i386\winlogon.exe
[2004/08/04 05:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 18:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 18:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\Zachary Varo1n.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\Zach Hockey.mov:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\Wounded Hero.rtf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\What books would i take.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\WEED SONG HOOK.rtf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\VID00015.AVI:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\valet.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\UPCOMING CRAZY.rtf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\They Coming for Us.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\THE CAT MOVIES.rtf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\t mobile [bleep].rtf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\SOLUTIONS MEMO.rtf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\soldier.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\so addicted(edit done).mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\security resume.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\scrap 3.rtf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\sales support.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\run it.rtf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\RIZE FLYER!!.rtf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\resume.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\PLEDGE FLYER.rtf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\pitz.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\pin.rtf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\MHMC.rtf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\Marketing.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\mansion world.rtf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\love tragedy.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\LIST.rtf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\letter to department chairs.rtf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\king 2.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\Jewelry.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\IMG_1573.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\IMG_1572.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\IMG_1570.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\IMG_1542.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\hot [bleep].mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\HEADRUSH FLYER.rtf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\god of war.rtf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\GO GO workout.rtf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\GO GO TEAM CONTEST.rtf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\g-code 2.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\friend request.rtf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\financial aid appeal.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\FFOTWServlet;jsessionid=0001HxcqWwNsmefCOWFPAqDkPbl_12qg1p3t7.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\fairytale fFLYER.rtf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\evan ad.rtf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\EMP FLYER.rtf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\electro flyer.rtf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\eeoc.rtf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\eeoc claim.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\E FLYER.rtf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\DSC_1707.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\DSC_1703.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\DSC_1702.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\deferrment.rtf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\CONFIRMATION NUMBER.rtf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\confirmation number for fafsa.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\coalition announcement.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\CD2.rtf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\CD1.rtf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\career.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\car cales resumecv.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\car cales resume.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\BOOTFOOT.rtf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\Black Magic.rtf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\BEST DANCE TEAM.rtf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\authorization.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\application.rtf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\announcement.rtf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\amelia.rtf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\alicia number.rtf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\My Documents\~WRL0001.tmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\March of the Pigs.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\I Do Not Want This.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\Heresy.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\Eraser.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\Closer.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\Big Man With a Gun.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\zach\A Warm Place.mp3:Roxio EMC Stream

< End of report >

  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Re-Run aswMBR

Click Scan

On completion of the scan, click the Fix button
Posted Image

Save the log as before and post in your next reply

THEN

Retry ComboFix please, if necessary from Safe Mode.
  • 0

#11
vizion5280

vizion5280

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
After the scan completed, it didn't give me an option to fix, only to fix MBR. I managed to complete the two tests on my alternate login. Should I fix the MBR or try to run ComboFix from Safe Mode first?

OTL logfile created on: 11/25/2011 1:15:50 AM - Run 5
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Ma\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.25 Gb Available Physical Memory | 62.49% Memory free
3.85 Gb Paging File | 3.27 Gb Available in Paging File | 84.97% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 462.31 Gb Total Space | 121.59 Gb Free Space | 26.30% Space Free | Partition Type: NTFS
Drive E: | 7.52 Gb Total Space | 6.59 Gb Free Space | 87.70% Space Free | Partition Type: FAT32

Computer Name: VIZION | User Name: Ma | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/08/07 18:35:02 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ma\Desktop\OTL.exe
PRC - [2010/03/24 14:42:10 | 000,599,328 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2009/10/24 02:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2009/09/11 07:24:32 | 000,735,960 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009/09/11 07:23:46 | 002,054,360 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2008/04/24 12:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/01 13:32:54 | 008,699,904 | ---- | M] () -- C:\Program Files\MySpace\IM\MySpaceIM.exe


========== Modules (SafeList) ==========

MOD - [2011/08/07 18:35:02 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ma\Desktop\OTL.exe
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Viewpoint Manager Service)
SRV - File not found [Auto | Stopped] -- -- (MySQL)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - File not found [Auto | Stopped] -- -- (Apache2.2)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2009/10/24 02:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2009/09/11 07:33:18 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/09/11 07:24:32 | 000,735,960 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2009/03/16 12:37:00 | 002,849,844 | ---- | M] (INCA Internet Co., Ltd.) [Disabled | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/04/24 12:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)


========== Driver Services (SafeList) ==========

DRV - [2011/11/22 17:55:47 | 000,111,872 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TrueSight.sys -- (TrueSight)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/04/19 19:41:56 | 006,537,728 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/11/06 12:00:36 | 000,176,752 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ssidrv.sys -- (ssidrv)
DRV - [2009/11/06 12:00:36 | 000,023,152 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sshrmd.sys -- (sshrmd)
DRV - [2009/09/24 04:55:41 | 000,103,552 | R--- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\qscnusb.sys -- (MobileAdapter)
DRV - [2009/09/11 07:26:26 | 000,096,408 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2009/09/11 07:23:50 | 000,108,792 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/09/11 07:17:16 | 000,116,008 | ---- | M] (ESET) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2009/07/29 19:37:08 | 000,394,752 | ---- | M] (usb-audio.de) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pgusbwdm.sys -- (pgusbwdm) usb-audio.de driver (commercial 2.8.36)
DRV - [2009/07/29 19:37:04 | 000,033,792 | ---- | M] (usb-audio.de) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pgusbmm3.sys -- (pgusbmme)
DRV - [2008/03/28 01:14:48 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2007/08/28 19:52:20 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2007/07/16 18:48:54 | 004,403,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/08/18 12:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 12:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 12:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 12:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 12:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 12:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 12:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 12:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/11 09:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/11 09:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2004/12/31 17:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\npptNT2.sys -- (NPPTNT2)
DRV - [2003/11/17 13:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 13:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 13:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2071206
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2071206
IE - HKLM\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2071206
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2071206
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2071206
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2071206
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1138194560-3140844096-1299536313-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2071206
IE - HKU\S-1-5-21-1138194560-3140844096-1299536313-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.co...html?channel=us
IE - HKU\S-1-5-21-1138194560-3140844096-1299536313-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co...html?channel=us
IE - HKU\S-1-5-21-1138194560-3140844096-1299536313-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2071206
IE - HKU\S-1-5-21-1138194560-3140844096-1299536313-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/30 01:23:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/18 23:01:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010/12/11 22:29:17 | 000,000,000 | ---D | M]

[2010/10/07 13:48:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ma\Application Data\Mozilla\Extensions
[2010/12/11 22:26:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ma\Application Data\Mozilla\Firefox\Profiles\o6exievw.default\extensions
[2010/11/28 13:09:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Ma\Application Data\Mozilla\Firefox\Profiles\o6exievw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/08/18 21:59:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/08/11 14:38:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2010/05/27 10:00:26 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/09/30 01:23:25 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/08/18 23:01:14 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

Hosts file not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - Reg Error: Value error. File not found
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - Reg Error: Value error. File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKU\.DEFAULT..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe ()
O4 - HKU\S-1-5-18..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe ()
O4 - HKU\S-1-5-21-1138194560-3140844096-1299536313-1007..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Monitor Apache Servers.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1138194560-3140844096-1299536313-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: UltimateBet - {10F055B8-F443-4adf-948A-EC551E9DBCE4} - C:\Documents and Settings\zach\Start Menu\Programs\UltimateBet\UltimateBet.lnk ()
O9 - Extra 'Tools' menuitem : UltimateBet - {10F055B8-F443-4adf-948A-EC551E9DBCE4} - C:\Documents and Settings\zach\Start Menu\Programs\UltimateBet\UltimateBet.lnk ()
O9 - Extra Button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\zach\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk ()
O9 - Extra 'Tools' menuitem : Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\zach\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk ()
O9 - Extra Button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - File not found
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {483EB14D-AF1C-4951-81B0-4E2B41829FF6} https://www.select2p...bs/QOLCheck.ocx (QOLCheck Control)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1005.cab (MySpace Uploader Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1198304766354 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1199515900640 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/26 16:48:43 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (SsiEfr.exe) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/11/25 01:13:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ma\Application Data\Sony Corporation
[2011/11/23 01:57:07 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/11/20 10:34:30 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/11/17 19:55:09 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/11/17 19:48:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/11/17 19:48:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/11/17 19:48:45 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/11/17 19:48:45 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/11/17 19:45:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/11/17 19:44:19 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/16 01:55:00 | 000,000,000 | ---D | C] -- C:\$WIN_NT$.~BT
[2011/11/16 01:54:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\setup.pss
[2011/11/07 02:21:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2011/11/07 02:21:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell

========== Files - Modified Within 30 Days ==========

[2011/11/25 01:01:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/11/25 00:59:11 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/24 20:12:39 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/24 20:04:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/24 20:04:44 | 2145,566,720 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/23 01:57:13 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/22 17:55:47 | 000,111,872 | ---- | M] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2011/11/22 07:01:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/11/17 19:55:27 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/11/13 03:18:05 | 000,443,232 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/13 03:18:05 | 000,072,372 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/13 03:14:52 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/08 21:02:45 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/07 19:36:33 | 000,213,672 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2011/11/23 02:00:02 | 2145,566,720 | -HS- | C] () -- C:\hiberfil.sys
[2011/11/23 01:57:13 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/17 19:55:25 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/11/17 19:55:13 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/11/17 19:48:45 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/11/17 19:48:45 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/11/17 19:48:45 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/11/17 19:48:45 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/11/17 19:48:45 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/11/15 18:28:51 | 000,111,872 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2011/08/16 15:49:11 | 000,000,094 | -HS- | C] () -- C:\WINDOWS\WSYS049.SYS
[2011/08/16 15:49:11 | 000,000,022 | ---- | C] () -- C:\WINDOWS\System32\syoepk_lib0.dll
[2011/08/16 15:47:49 | 000,201,852 | ---- | C] () -- C:\WINDOWS\Photo Pos Pro Uninstaller.exe
[2011/04/19 21:10:32 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll
[2011/03/09 20:28:23 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2011/03/09 20:28:20 | 000,810,496 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/03/09 20:28:20 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/03/09 20:28:19 | 000,080,896 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/11/13 22:13:43 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/07/08 21:39:06 | 000,042,432 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/04/06 03:10:15 | 000,225,411 | ---- | C] () -- C:\WINDOWS\System32\PosPrKpLib.dll
[2010/04/06 03:10:07 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\PosTickerLib.dll
[2010/01/07 00:11:06 | 000,077,348 | ---- | C] () -- C:\WINDOWS\hpqins05.dat
[2009/08/31 14:04:57 | 000,157,555 | ---- | C] () -- C:\WINDOWS\hpoins28.dat
[2009/08/31 14:04:57 | 000,000,932 | ---- | C] () -- C:\WINDOWS\hpomdl28.dat
[2009/05/23 15:28:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2009/05/23 15:01:48 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2009/05/16 22:08:53 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2009/05/02 02:23:52 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2009/03/22 16:02:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/06/18 23:20:40 | 000,000,094 | ---- | C] () -- C:\WINDOWS\awshkwv.ini
[2008/05/22 17:50:06 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2008/01/14 11:40:56 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2008/01/14 11:40:56 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2008/01/14 11:40:56 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2008/01/14 10:48:52 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2008/01/14 02:29:08 | 000,640,957 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2008/01/14 02:29:08 | 000,000,797 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2008/01/14 02:19:50 | 000,245,760 | ---- | C] () -- C:\WINDOWS\System32\ImxEx.dll
[2008/01/14 02:02:18 | 001,033,522 | ---- | C] () -- C:\WINDOWS\The Matrix.dat
[2008/01/14 02:02:18 | 000,000,084 | ---- | C] () -- C:\WINDOWS\WSST_Screen_Saver.ini
[2008/01/04 14:58:50 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/01/04 14:56:24 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/12/25 16:01:47 | 000,000,181 | ---- | C] () -- C:\WINDOWS\civ.ini
[2007/12/20 07:13:21 | 000,000,128 | -H-- | C] () -- C:\Documents and Settings\Ma\Local Settings\Application Data\fusioncache.dat
[2007/12/11 12:35:26 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2007/12/08 21:12:28 | 000,001,031 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2007/12/06 09:23:51 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/12/06 09:14:16 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2007/12/06 09:14:16 | 000,000,142 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/12/06 08:48:29 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2007/12/06 08:48:29 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2007/12/06 08:48:29 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2007/12/06 08:48:28 | 000,233,012 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2007/12/06 08:48:12 | 000,876,544 | ---- | C] () -- C:\WINDOWS\System32\TEACico2.dll
[2007/12/06 08:48:07 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2007/12/06 08:48:02 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4820.dll
[2007/12/06 08:46:41 | 000,001,119 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007/11/14 10:42:27 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2007/11/09 04:01:59 | 000,000,164 | ---- | C] () -- C:\WINDOWS\System32\psyswin32.dll
[2007/08/26 19:45:44 | 000,438,272 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib_dec.dll
[2006/11/07 03:25:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/16 22:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/16 22:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2005/12/15 10:38:48 | 000,315,392 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2005/09/23 04:52:14 | 000,078,848 | ---- | C] () -- C:\WINDOWS\System32\OneWay.dll
[2004/08/10 12:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 12:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 12:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 12:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 11:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 11:57:15 | 000,213,672 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 11:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 11:51:20 | 000,443,232 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 11:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 11:51:20 | 000,072,372 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 11:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 11:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 11:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 11:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 11:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 11:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 11:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 11:50:56 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/06/02 07:05:40 | 000,038,912 | ---- | C] () -- C:\WINDOWS\System32\1Way.dll

========== LOP Check ==========

[2008/11/24 03:07:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2010/12/11 22:33:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\aHmHp06301
[2008/05/28 02:25:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund
[2010/12/11 22:29:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2009/06/10 17:05:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2011/03/09 21:52:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MySQL
[2011/08/12 23:50:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2009/04/17 12:58:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2011/07/18 11:49:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Qwest
[2010/03/13 21:37:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2009/10/09 15:56:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2008/11/24 03:07:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/01/18 14:12:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2008/02/24 23:02:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/04/13 10:19:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/01/12 13:24:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/23 14:43:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/03/06 17:27:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2008/01/27 23:28:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ma\Application Data\FarStone
[2011/03/09 19:57:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ma\Application Data\Western Digital
[2010/08/03 20:51:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zach\Application Data\Ableton
[2008/01/09 19:44:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zach\Application Data\acccore
[2008/05/28 02:25:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zach\Application Data\Broderbund
[2010/08/03 22:02:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zach\Application Data\comcasttb
[2008/01/16 02:05:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zach\Application Data\DAEMON Tools
[2008/01/14 10:56:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zach\Application Data\FarStone
[2010/11/14 18:32:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zach\Application Data\Helios
[2008/07/12 17:51:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zach\Application Data\LimeWire
[2008/10/22 21:39:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zach\Application Data\MSNInstaller
[2008/06/07 20:47:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zach\Application Data\My Games
[2011/08/12 23:50:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zach\Application Data\NCH Swift Sound
[2009/05/02 02:23:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zach\Application Data\Research In Motion
[2009/01/18 21:34:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zach\Application Data\SanDisk
[2011/09/17 02:42:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zach\Application Data\uTorrent
[2011/08/28 00:39:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zach\Application Data\vghd
[2011/08/03 12:58:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zach\Application Data\Viewpoint
[2010/11/13 09:57:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zach\Application Data\webex
[2011/08/11 18:13:00 | 000,000,266 | ---- | M] () -- C:\WINDOWS\Tasks\prismShakeIcon.job
[2011/11/25 01:01:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2011/09/05 20:41:01 | 000,000,270 | ---- | M] () -- C:\WINDOWS\Tasks\switchShakeIcon.job
[2011/10/08 02:50:55 | 000,000,278 | ---- | M] () -- C:\WINDOWS\Tasks\videopadDowngrade.job
[2011/10/14 02:50:01 | 000,000,278 | ---- | M] () -- C:\WINDOWS\Tasks\videopadShakeIcon.job
[2011/08/16 00:25:00 | 000,000,280 | ---- | M] () -- C:\WINDOWS\Tasks\wavepadShakeIcon.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2011/03/09 20:56:06 | 054,536,432 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\11-2_xp32_dd_ccc_ocl.exe
[2011/03/09 21:12:26 | 000,741,376 | ---- | M] (Foxconn Technology Group) -- C:\530_1018.EXE
[2011/03/09 20:08:01 | 008,588,616 | ---- | M] (Mozilla) -- C:\Firefox Setup 3.6.15.exe
[2011/03/09 20:38:10 | 009,921,840 | ---- | M] (PortableApps.com) -- C:\FirefoxPortable_3.6.15_English.paf.exe


< MD5 for: MRXSMB.SYS >
[2004/08/04 04:00:00 | 018,738,937 | -H-- | M] () .cab file -- C:\i386\sp2.cab:mrxsmb.sys
[2004/08/04 04:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:mrxsmb.sys
[2010/05/04 01:34:02 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:mrxsmb.sys
[2010/05/04 01:34:02 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:mrxsmb.sys
[2006/05/05 02:41:45 | 000,453,120 | ---- | M] (Microsoft Corporation) MD5=025AF03CE51645C62F3B6907A7E2BE5E -- C:\WINDOWS\$NtUninstallKB978251_0$\mrxsmb.sys
[2011/04/29 09:19:43 | 000,456,320 | ---- | M] (Microsoft Corporation) MD5=0DC719E9B15E902346E87E9DCD5751FA -- C:\WINDOWS\$NtUninstallKB2536276-v2$\mrxsmb.sys
[2011/02/17 06:18:24 | 000,455,936 | ---- | M] (Microsoft Corporation) MD5=0EA4D8ED179B75F8AFA7998BA22285CA -- C:\WINDOWS\$NtUninstallKB2536276$\mrxsmb.sys
[2009/12/04 06:37:07 | 000,456,832 | ---- | M] (Microsoft Corporation) MD5=31422F271B5F3E257339541E76569A00 -- C:\WINDOWS\$hf_mig$\KB978251\SP2QFE\mrxsmb.sys
[2010/02/24 05:48:23 | 000,457,216 | ---- | M] (Microsoft Corporation) MD5=3500E756812E716351F2D341AE1D5623 -- C:\WINDOWS\$hf_mig$\KB980232\SP2QFE\mrxsmb.sys
[2009/12/04 11:22:22 | 000,455,424 | ---- | M] (Microsoft Corporation) MD5=421F7B922CEC5A5F340E7574A98F7B7C -- C:\WINDOWS\$hf_mig$\KB978251\SP3GDR\mrxsmb.sys
[2009/12/04 11:22:22 | 000,455,424 | ---- | M] (Microsoft Corporation) MD5=421F7B922CEC5A5F340E7574A98F7B7C -- C:\WINDOWS\$NtUninstallKB980232$\mrxsmb.sys
[2005/01/18 21:26:52 | 000,451,584 | ---- | M] (Microsoft Corporation) MD5=5DDC9A1B2EB5A4BF010CE8C019A18C1F -- C:\i386\mrxsmb.sys
[2009/12/04 10:25:56 | 000,456,832 | ---- | M] (Microsoft Corporation) MD5=602549D1E8A622E5746991F6C56B21CA -- C:\WINDOWS\$hf_mig$\KB978251\SP3QFE\mrxsmb.sys
[2008/04/13 12:17:01 | 000,456,576 | ---- | M] (Microsoft Corporation) MD5=68755F0FF16070178B54674FE5B847B0 -- C:\WINDOWS\$NtUninstallKB978251$\mrxsmb.sys
[2008/04/13 12:17:01 | 000,456,576 | ---- | M] (Microsoft Corporation) MD5=68755F0FF16070178B54674FE5B847B0 -- C:\WINDOWS\ServicePackFiles\i386\mrxsmb.sys
[2005/01/18 19:51:58 | 000,451,584 | ---- | M] (Microsoft Corporation) MD5=7B195060FF456FA65954C72C5C1640FF -- C:\i386\SP2\Windows\System32\Drivers\mrxsmb.sys
[2011/07/15 06:29:31 | 000,456,320 | ---- | M] (Microsoft Corporation) MD5=7D304A5EB4344EBEEAB53A2FE3FFB9F0 -- C:\WINDOWS\Driver Cache\i386\mrxsmb.sys
[2011/07/15 06:29:31 | 000,456,320 | ---- | M] (Microsoft Corporation) MD5=7D304A5EB4344EBEEAB53A2FE3FFB9F0 -- C:\WINDOWS\SoftwareDistribution\Download\cae2e05a002a9ae98c735c66fa6a46be\SP3GDR\mrxsmb.sys
[2011/07/15 06:29:31 | 000,456,320 | ---- | M] (Microsoft Corporation) MD5=7D304A5EB4344EBEEAB53A2FE3FFB9F0 -- C:\WINDOWS\system32\dllcache\mrxsmb.sys
[2011/07/15 06:29:31 | 000,456,320 | ---- | M] (Microsoft Corporation) MD5=7D304A5EB4344EBEEAB53A2FE3FFB9F0 -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2005/01/18 19:51:40 | 000,440,064 | ---- | M] (Microsoft Corporation) MD5=7F09B37065B61DDBC6116F612E6183D1 -- C:\i386\SP1\Windows\System32\Drivers\mrxsmb.sys
[2011/04/29 09:47:42 | 000,457,856 | ---- | M] (Microsoft Corporation) MD5=8DD801E28EB76FDA2A38907882A0036F -- C:\WINDOWS\$hf_mig$\KB2536276\SP3QFE\mrxsmb.sys
[2010/02/24 04:57:57 | 000,457,216 | ---- | M] (Microsoft Corporation) MD5=D09B9F0B9960DD41E73127B7814C115F -- C:\WINDOWS\$hf_mig$\KB980232\SP3QFE\mrxsmb.sys
[2010/02/24 06:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=F3AEFB11ABC521122B67095044169E98 -- C:\WINDOWS\$hf_mig$\KB980232\SP3GDR\mrxsmb.sys
[2010/02/24 06:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=F3AEFB11ABC521122B67095044169E98 -- C:\WINDOWS\$NtUninstallKB2511455$\mrxsmb.sys
[2009/12/04 07:41:55 | 000,453,760 | ---- | M] (Microsoft Corporation) MD5=F9692BE777822AB3F1A91C34728786DA -- C:\WINDOWS\$NtUninstallKB980232_0$\mrxsmb.sys
[2011/07/15 06:29:35 | 000,457,856 | ---- | M] (Microsoft Corporation) MD5=FB2FCCC70F7174C7BF64F48E96D3ADF4 -- C:\WINDOWS\$hf_mig$\KB2536276-v2\SP3QFE\mrxsmb.sys
[2011/07/15 06:29:35 | 000,457,856 | ---- | M] (Microsoft Corporation) MD5=FB2FCCC70F7174C7BF64F48E96D3ADF4 -- C:\WINDOWS\SoftwareDistribution\Download\cae2e05a002a9ae98c735c66fa6a46be\SP3QFE\mrxsmb.sys
[2010/02/24 05:31:30 | 000,454,016 | ---- | M] (Microsoft Corporation) MD5=FB6C89BB3CE282B08BDB1E3C179E1C39 -- C:\WINDOWS\$NtServicePackUninstall$\mrxsmb.sys
[2011/02/17 06:19:38 | 000,457,472 | ---- | M] (Microsoft Corporation) MD5=FB7DFD15D760AD339837A470F0E780D3 -- C:\WINDOWS\$hf_mig$\KB2511455\SP3QFE\mrxsmb.sys

< C:\Windows\assembly\tmp\U\*.* /s >

< End of report >

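The mrxsmb.sys listing above is what an OTL custom scan of every copy of one driver looks like, and the reason a helper asks for it is that TDL-family rootkits such as TDL3 patch a system driver in place, so the copy Windows actually loads from system32\drivers ends up with a hash that no cached copy of the same driver shares. The Python below is added here as a worked example; it is not part of the thread, of OTL, or of any tool the helper names. It parses lines in the OTL format, groups copies of a driver by MD5, and compares the live driver against the dllcache and Driver Cache copies. The clean sample is taken from the log above; the tampered sample is constructed, with a made-up hash, to show the flagged case.

```python
import re
from collections import defaultdict

# One OTL custom-scan file line, e.g.
# [2011/07/15 06:29:31 | 000,456,320 | ---- | M] (Microsoft Corporation) MD5=7D30... -- C:\WINDOWS\system32\drivers\mrxsmb.sys
OTL_LINE = re.compile(
    r"^\[(?P<mtime>\S+ \S+) \| (?P<size>[\d,]+) \| (?P<attrs>[^| ]+) \| [MC]\] "
    r"\((?P<company>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)

# Directories whose copy of a driver is expected to match the loaded one
# (paths are compared case-insensitively, so these are lower-case).
LIVE_DIR = "\\system32\\drivers\\"
REFERENCE_DIRS = ("\\system32\\dllcache\\", "\\driver cache\\i386\\")

# Clean sample: lines copied from the OTL log in this thread.
SAMPLE_LOG = r"""
[2011/07/15 06:29:31 | 000,456,320 | ---- | M] (Microsoft Corporation) MD5=7D304A5EB4344EBEEAB53A2FE3FFB9F0 -- C:\WINDOWS\Driver Cache\i386\mrxsmb.sys
[2011/07/15 06:29:31 | 000,456,320 | ---- | M] (Microsoft Corporation) MD5=7D304A5EB4344EBEEAB53A2FE3FFB9F0 -- C:\WINDOWS\system32\dllcache\mrxsmb.sys
[2011/07/15 06:29:31 | 000,456,320 | ---- | M] (Microsoft Corporation) MD5=7D304A5EB4344EBEEAB53A2FE3FFB9F0 -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2011/07/15 06:29:35 | 000,457,856 | ---- | M] (Microsoft Corporation) MD5=FB2FCCC70F7174C7BF64F48E96D3ADF4 -- C:\WINDOWS\$hf_mig$\KB2536276-v2\SP3QFE\mrxsmb.sys
[2008/04/13 12:17:01 | 000,456,576 | ---- | M] (Microsoft Corporation) MD5=68755F0FF16070178B54674FE5B847B0 -- C:\WINDOWS\ServicePackFiles\i386\mrxsmb.sys
< End of report >
"""

# Constructed sample: the same log with the live driver's hash replaced by a
# made-up value, which is what an in-place patched driver would look like.
TAMPERED_LOG = SAMPLE_LOG.replace(
    r"MD5=7D304A5EB4344EBEEAB53A2FE3FFB9F0 -- C:\WINDOWS\system32\drivers\mrxsmb.sys",
    r"MD5=0123456789ABCDEF0123456789ABCDEF -- C:\WINDOWS\system32\drivers\mrxsmb.sys",
)


def parse_otl_lines(text):
    """Return a list of dicts (mtime, size, attrs, company, md5, path) for every file line."""
    entries = []
    for line in text.splitlines():
        m = OTL_LINE.match(line.strip())
        if not m:
            continue  # headers, blank lines, "< End of report >"
        d = m.groupdict()
        d["size"] = int(d["size"].replace(",", ""))
        d["md5"] = d["md5"].upper()
        entries.append(d)
    return entries


def check_live_driver(entries, name="mrxsmb.sys"):
    """Compare the loaded copy of `name` with the cached copies of the same driver."""
    name = name.lower()
    by_hash = defaultdict(list)  # md5 -> every path carrying that hash
    live_md5 = None
    ref_md5s = set()
    for e in entries:
        p = e["path"].lower()
        if not p.endswith("\\" + name):
            continue
        by_hash[e["md5"]].append(e["path"])
        if p.endswith(LIVE_DIR + name):
            live_md5 = e["md5"]
        elif any(p.endswith(d + name) for d in REFERENCE_DIRS):
            ref_md5s.add(e["md5"])
    return {
        "live_md5": live_md5,
        "reference_md5s": ref_md5s,
        "matches_reference": live_md5 is not None and live_md5 in ref_md5s,
        # A hash seen at the live path and nowhere else on disk is the
        # classic sign of a driver patched in place.
        "live_hash_unique": live_md5 is not None and len(by_hash[live_md5]) == 1,
    }


if __name__ == "__main__":
    for label, log in (("clean", SAMPLE_LOG), ("tampered", TAMPERED_LOG)):
        r = check_live_driver(parse_otl_lines(log))
        verdict = "OK" if r["matches_reference"] else "SUSPICIOUS"
        print(f"{label}: live={r['live_md5']} refs={sorted(r['reference_md5s'])} {verdict}")
```

Two caveats a practitioner would keep in mind. A scan run inside the infected Windows sees what the rootkit lets it see, so a clean hash taken from the running system is weaker evidence than one taken from a boot disc, which is why the thread moves on to offline tools. And a match only says the loaded copy equals the cached copies; confirming that either is genuine means checking the hash against a known-good copy of that KB release, not against another file on the same disk.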

#12 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Go to Combofix please, as the TDL appears to have disappeared, which is a tad suspicious.

First run this small programme and post the log it creates

Please download GetPartitions from the link below. You must right click on the link and choose Save as... Save it as GetPartitions.bat on your desktop.

getpartitions.bat

Double click it to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator").
It will produce a C:\DiskReport.txt log; please post the results from that log here.

Then run Combofix

#13 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
